CVE-2024-23314

Q: What is the severity of CVE-2024-23314?

CVE-2024-23314 has a CVSS score of 7.5 (HIGH). This vulnerability affects F5 BIG-IP and BIG-IP Next SPK systems with HTTP/2 configured. Undisclosed HTTP/2 responses can cause the Traffic Management Microkernel (TMM) to terminate, leading to denial of service. Only systems running supported software versions are affected.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability affects F5 BIG-IP and BIG-IP Next SPK systems with HTTP/2 configured. Undisclosed HTTP/2 responses can cause the Traffic Management Microkernel (TMM) to terminate, leading to denial of service. Only systems running supported software versions are affected.

💻 Affected Systems

Products:

F5 BIG-IP
F5 BIG-IP Next SPK

Versions: All supported versions with HTTP/2 configured

Operating Systems: F5 TMOS

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when HTTP/2 is explicitly configured. Systems with End of Technical Support (EoTS) versions are not evaluated.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption as TMM termination causes all traffic management functions to fail, requiring manual intervention to restore service.

🟠

Likely Case

Intermittent service outages and degraded performance as TMM restarts automatically but causes connection drops during termination.

🟢

If Mitigated

Minimal impact with proper monitoring and automated recovery mechanisms in place to handle TMM restarts.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending specific HTTP/2 responses to vulnerable systems, which can be done remotely without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check F5 advisory K000137675 for specific fixed versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000137675

Restart Required: Yes

Instructions:

1. Review F5 advisory K000137675
2. Identify affected systems and versions
3. Download and apply appropriate patches from F5 downloads
4. Restart TMM services
5. Verify patch application and functionality

🔧 Temporary Workarounds

Disable HTTP/2

all

Temporarily disable HTTP/2 configuration to mitigate vulnerability until patching

tmsh modify ltm profile http2 <profile_name> disabled

Implement Rate Limiting

all

Configure rate limiting on HTTP/2 traffic to reduce attack surface

tmsh create ltm policy http2-rate-limit

🧯 If You Can't Patch

Disable HTTP/2 configuration on all vulnerable systems
Implement network segmentation to restrict HTTP/2 traffic to trusted sources only

🔍 How to Verify

Check if Vulnerable:

Check if HTTP/2 is configured: tmsh list ltm profile http2 | grep -i enabled

Check Version:

tmsh show sys version

Verify Fix Applied:

Verify patch version matches fixed versions in F5 advisory and HTTP/2 functionality remains operational

📡 Detection & Monitoring

Log Indicators:

TMM termination events in /var/log/ltm
Unexpected TMM restarts
HTTP/2 connection resets

Network Indicators:

Increased HTTP/2 error rates
Unusual patterns in HTTP/2 traffic

SIEM Query:

source="/var/log/ltm" AND "TMM terminated" OR "HTTP/2 reset"

📊 Metadata

CVE ID: CVE-2024-23314

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-908

Published: February 14, 2024

Last Updated: January 23, 2025

🔗 References

https://my.f5.com/manage/s/article/K000137675 Vendor Advisory
https://my.f5.com/manage/s/article/K000137675 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Big Ip Access Policy Manager by F5

Big Ip Access Policy Manager by F5

Big Ip Access Policy Manager by F5

Big Ip Advanced Firewall Manager by F5

Big Ip Advanced Firewall Manager by F5

Big Ip Advanced Firewall Manager by F5

Big Ip Analytics by F5

Big Ip Analytics by F5

Big Ip Analytics by F5

Big Ip Application Acceleration Manager by F5

Big Ip Application Acceleration Manager by F5

Big Ip Application Acceleration Manager by F5

Big Ip Application Security Manager by F5

Big Ip Application Security Manager by F5

Big Ip Application Security Manager by F5

Big Ip Domain Name System by F5

Big Ip Domain Name System by F5

Big Ip Domain Name System by F5

Big Ip Fraud Protection Service by F5

Big Ip Fraud Protection Service by F5

Big Ip Fraud Protection Service by F5

Big Ip Global Traffic Manager by F5

Big Ip Global Traffic Manager by F5

Big Ip Global Traffic Manager by F5

Big Ip Link Controller by F5

Big Ip Link Controller by F5

Big Ip Link Controller by F5

Big Ip Local Traffic Manager by F5

Big Ip Local Traffic Manager by F5

Big Ip Local Traffic Manager by F5

Big Ip Next Service Proxy For Kubernetes by F5

Big Ip Policy Enforcement Manager by F5

Big Ip Policy Enforcement Manager by F5

Big Ip Policy Enforcement Manager by F5

Big Iq Centralized Management by F5

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable HTTP/2

Implement Rate Limiting

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities